On Wed, Feb 22, 2017 at 02:04:21AM +0000, rosect190@xxxxxxxxx wrote: > Starting from hostapd 2.5, in src/ap/wpa_auth_ie.c, wpa_write_rsn_ie(..), this condition is added at line 265: > > conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC This was added to remove the optional fields from RSNE as a workaround for some interoperability issues. The commit log has more details: http://w1.fi/cgit/hostap/commit/?id=44fa5e747b7aca39285e2511d5c94684e0723b6b > However, in the following switch statement, this condition is actually evaluated: > switch (conf->group_mgmt_cipher) { > case WPA_CIPHER_AES_128_CMAC: > RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC); > break; > > > I do not quite understand this seemingly contradictory situation. Could someone explain? Thanks in advance. It looks safer to leave the full set of management group cipher suites in the switch statement even though this WPA_CIPHER_AES_128_CMAC case is currently unreachable. Otherwise, this code might accidentally be copied somewhere else and or re-enabled without realizing that one of the options was missing. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
